You can specify a `HIJACK_LOGIN_REDIRECT_URL` and a `REVERSE_HIJACK_LOGIN_REDIRECT_URL`. This settings are used to redirect to a specific url after hijacking or releasing the user. Default for both is the django `LOGIN_REDIRECT_URL`.

HIJACK_LOGIN_REDIRECT_URL = "/profile/" # where you want to be redirected to, after hijacking the user. REVERSE_HIJACK_LOGIN_REDIRECT_URL = "/admin/" # where you want to be redirected to, after releasing the user.

There are different possibilies to hijack an user and communicate with users.

### Hijack using the 'Hijack Button' on the admin siteGo to Users in the admin backend and push the ‘Hijack’ button to hijack an user. This is the default mode and base versionof django-hijack. To disable the ‘Hijack’ button on the admin site (by not registrating the HijackUserAdmin) set ``SHOW_HIJACKUSER_IN_ADMIN = False`` in your project settings. If you are using a custom user model, you will have to add support for displaying the button yourself to your own `CustomUserAdmin`. Simply mix in the `hijack.admin.HijackUserAdminMixin`, and add `hijack_field` to `list_display`.

### Hijack by calling URLs in the browser's address barFor advanced superusers, users can be hijacked directly from the address bar by typing:

### Notify superusers when working behalf of another userThis option warns the superuser when working with another user as initally logged in. To activate this option performthe following steps:

* In your base.html add ``{% load hijack_tags %}``, ``{% load staticfiles %}`` and* load the styles using ``<link rel="stylesheet" type="text/css" href="{% static 'hijack/hijack-styles.css' %}"/>``.* Place ``{{ request|hijackNotification }}`` just after your opening body tag.* In your project settings add ``HIJACK_NOTIFY_ADMIN = True``. The default is True.* You need to add ``django.core.context_processors.request`` to your template context processors to be able to use requests and sessions in the templates.* Make sure that ``django.contrib.staticfiles`` is included in your ``INSTALLED_APPS``.* Do not forget to run ``python manage.py collectstatic``.

### Release/reverse hijack

In the visual notification for the superuser (or staff if ``ALLOW_STAFF_TO_HIJACKUSER`` is True), when working on behalf of other users, thereis a link to release the hijacked user and switch back. After releasing you are redirected to `LOGIN_REDIRECT_URL` or to the URL defined in `REVERSE_HIJACK_LOGIN_REDIRECT_URL`.

REVERSE_HIJACK_LOGIN_REDIRECT_URL = '/admin/auth/user/'

The release/reverse hijack will be executed when the URL `/hijack/release-hijack/` is called (or whatever is linked to the URL with name = "release_hijack").

#### Hijack historyIf you (A) hijack a superuser (B) and then you hijack another user (C), the release will go backwards through the list of hijacked users one by one. After the first release you then are superuser (B), after the second you are superuser (A).

### Notify users when they were hijackedNOTE: This use case is not fully implemented yet!

This option allows to notify and inform users when they were hijacked by a superuser. To activate this optionfollow these steps:

* In your base.html add ``{% load hijack_tags %}``, ``{% load staticfiles %}`` and* load the styles using ``<link rel="stylesheet" type="text/css" href="{% static 'hijack/hijack-styles.css' %}"/>``.* Place ``{{ request|hijackNotification }}`` just after your opening body tag.* In your project settings add ``HIJACK_NOTIFY_USER = True``. The default is False (= silent mode)* You need to add ``django.core.context_processors.request`` to your template context processors to be able to use requests and sessions in the templates.* Make sure that ``django.contrib.staticfiles`` is included in your ``INSTALLED_APPS``.* Do not forget to run ``python manage.py collectstatic``.

### Allow staff members to hijack other usersThis option allows staff members to hijack other users. In your project settings set ``ALLOW_STAFF_TO_HIJACKUSER`` to ``True``. The default is False.

All critical imports are carried out with the [compat library]https://github.com/arteria/django-compat that gives the compatibility for django 1.4 to 1.8

### Support for custom user models

django-hijack supports custom user models, all you need to do is to add the hijack button to your custom user `admin.py`. Import HijackUserAdminMixin from hijack admin and add ``hijack_field`` to your ``list_display``.

# TODOs, issues and planned features* Handle hijack using URLs on non unique email addresses.* unset_superuser example for signals* Store info in user's profile (see #3 comments, Use case: 'Notify users when they were hijacked', see above)* "got it" Link in notification to remove notification and flag from session. This is useful if hijack is used to switch between users and ``HIJACK_NOTIFY_ADMIN`` is True.* Support for named URLs for the hijack button.* Handle signals in ``release_hijack(..)``, currently the signals are only triggered in ``login_user(..)`` and ``logout_user(..)``.* Graceful support for custom user models that do not feature username / email

## FAQ, troubleshooting and hints

### Why does the hijack button not show up in the admin site, even if I set ``SHOW_HIJACKUSER_IN_ADMIN = True`` in my project settings?

If your ``UserAdmin`` object is already registered in the admin site through another app (here is an example of a Facebook profile, https://github.com/philippeowagner/django_facebook_oauth/blob/master/facebook/admin.py#L8) you could disable the registration of django-hijack by settings ``SHOW_HIJACKUSER_IN_ADMIN = False`` in your project settings.

Afterwards create a new ``UserAdmin`` class derived from ``HijackUserAdmin``. The Facebook example would look like this:

Similar projects can be found and compared in the [user-switching]https://www.djangopackages.com/grids/g/user-switching/ or the [support gird]https://www.djangopackages.com/grids/g/support-apps/ of djangopackages.

## Contribute

If you want to contribute to this project, simply send us a pull request. Thanks. :)